
iLivid Infection?



Hello, my computer seems to have a mind of its own. I'm being redirected to sites I haven't looked for, my mouse pointer hangs, and download speed is slow although I supposedly have a 60Mbp. I recently noticed several ads popping up and notices telling me that I have missing plugins (iLivid). I Googled iLivid, which led me to this forum. Can someone please help?

Thank you.


  • Root Admin

Hello and Welcome to Malwarebytes.

Well, assuming you've downloaded and installed Malwarebytes, updated it and done a Quick Scan, and it comes back clean and you do not otherwise appear to be infected, it could simply be an annoying JavaScript or XML type redirect trick.

Please run the following and post back the logs as requested and let us know if it corrects the issue for you or not. If not, then you'll need to get help in the HJT forum from one of the Experts in malware detection and removal.

STEP 1

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 3

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the Reset FF Proxy Settings option, Firefox should be closed.


Thank you so much for your reply. I have downloaded AdwCleaner; here is the txt log:

# AdwCleaner v2.100 - Logfile created 12/15/2012 at 09:34:06

# Updated 09/12/2012 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : Fromtop2toe - FROMTOP2TOE-PC

# Boot Mode : Normal

# Running from : C:\Users\Fromtop2toe\Desktop\VIRUS CLEANER\AdwCleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : IB Updater

***** [Files / Folders] *****

File Deleted : C:\user.js

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\IB Updater

Folder Deleted : C:\Program Files\Perion

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\FROMTO~1\AppData\Local\Temp\BabylonToolbar

Folder Deleted : C:\Users\Fromtop2toe\AppData\Local\Conduit

Folder Deleted : C:\Users\Fromtop2toe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Folder Deleted : C:\Users\Fromtop2toe\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Fromtop2toe\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\PIP

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\Software\IB Updater

Key Deleted : HKLM\Software\ImInstaller

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\Tarma Installer

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16446

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\Fromtop2toe\AppData\Roaming\Mozilla\Firefox\Profiles\1p0cpk5k.default\prefs.js

Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Fromtop2toe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4772 octets] - [15/12/2012 09:32:10]

AdwCleaner[R2].txt - [4832 octets] - [15/12/2012 09:33:06]

AdwCleaner[s1].txt - [4726 octets] - [15/12/2012 09:34:06]

########## EOF - C:\AdwCleaner[s1].txt - [4786 octets] #########

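An added example, not part of the original thread and not AdwCleaner's own code: a small parser for the log format posted above that groups removal entries by section and picks out the ones sitting where a browser loads add-ons or settings, which is where the redirect symptoms described in the first post usually originate. The hook patterns and labels are this example's assumptions; the sample lines are a constructed excerpt copied from the log above.

```python
import re
from collections import defaultdict
# Constructed excerpt: lines copied from the AdwCleaner log posted above.
SAMPLE_LOG = r"""
***** [services] *****
Stopped & Deleted : IB Updater
***** [Files / Folders] *****
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Fromtop2toe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [internet Browsers] *****
Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
"""

# Hypothetical triage labels (this example's own wording, not AdwCleaner's).
HOOKS = [
    (r"\\Browser Helper Objects\\", "IE browser helper object"),
    (r"\\SearchScopes\\", "IE search provider"),
    (r"\\(Firefox|Chrome)\\extensions", "browser extension registration"),
    (r"\\User Data\\.*\\Extensions\\", "Chrome extension folder"),
    (r"user_pref\(", "Firefox prefs.js entry"),
]
SECTION = re.compile(r"^\*+ \[(.+?)\] \*+$")        # ***** [Registry] *****
ENTRY = re.compile(r"^([\w &]*Deleted) : (.+)$")    # Key Deleted : <target>

def parse(log):
    """Return {section: [(action, target), ...]} for every removal entry."""
    sections, current = defaultdict(list), None
    for line in map(str.strip, log.splitlines()):
        if m := SECTION.match(line):
            current = m.group(1).lower()
        elif current and (m := ENTRY.match(line)):
            sections[current].append((m.group(1), m.group(2)))
    return dict(sections)

def classify(target):
    """Return the first matching hook label for a log target, else None."""
    return next((lbl for pat, lbl in HOOKS if re.search(pat, target, re.I)), None)

def browser_hooks(sections):
    """List (label, target) for entries in browser add-on or settings locations."""
    pairs = ((classify(t), t) for entries in sections.values() for _, t in entries)
    return [(label, t) for label, t in pairs if label]

if __name__ == "__main__":
    print(*browser_hooks(parse(SAMPLE_LOG)), sep="\n")
```

Entries that get no label (the IB Updater service, the Conduit program folder) are still removals worth noting, but they are not themselves browser load points.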
